Medium severity6.6GHSA Advisory· Published May 17, 2024· Updated Apr 15, 2026
CVE-2024-5042
CVE-2024-5042
Description
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/submariner-io/submariner-operatorGo | >= 0.16.0-m0, < 0.16.4 | 0.16.4 |
github.com/submariner-io/submariner-operatorGo | >= 0.17.0-m0, < 0.17.2 | 0.17.2 |
github.com/submariner-io/submariner-operatorGo | < 0.15.4 | 0.15.4 |
github.com/submariner-io/submariner-operatorGo | >= 0.18.0-m0, < 0.18.0-rc0 | 0.18.0-rc0 |
Affected products
2- Range: >= 0.18.0-m0, < 0.18.0-rc0
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-2rhx-qhxp-5jpwnvdADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-5042ghsaADVISORY
- access.redhat.com/errata/RHSA-2024:4591nvdWEB
- access.redhat.com/errata/RHSA-2026:6503nvdWEB
- access.redhat.com/security/cve/CVE-2024-5042nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/submariner-io/submariner-operator/commit/b27a04c4270e53cbff6ff8ac6245db10c204bcabghsaWEB
- github.com/submariner-io/submariner-operator/issues/3041ghsaWEB
- github.com/submariner-io/submariner-operator/pull/3040ghsaWEB
- github.com/submariner-io/submariner-operator/pull/3045ghsaWEB
- github.com/submariner-io/submariner-operator/pull/3046ghsaWEB
- github.com/submariner-io/submariner-operator/pull/3049ghsaWEB
News mentions
0No linked articles in our index yet.